Question No: 11

A security analyst is performing a forensic analysis on a machine that was the subject of some historic SIEM alerts. The analyst noticed some network connections utilizing SSL on non-common ports, copies of svchost.exe and cmd.exe in %TEMP% folder, and RDP files that had connected to external IPs. Which of the following threats has the security analyst uncovered?

DDoS

APT

Ransomware

Software vulnerability

Answer: B

(Copies of svchost.exe and cmd.exe staged in %TEMP%, encrypted sessions on non-standard ports and RDP connections to external addresses are the classic footprint of a persistent, targeted intrusion; none of them points to a DDoS, to ransomware, or to a single software vulnerability.)

Question No: 12

A cybersecurity analyst is reviewing the current BYOD security posture. The users must be able to synchronize their calendars, email, and contacts to a smartphone or other personal device. The recommendation must provide the most flexibility to users. Which of the following recommendations would meet both the mobile data protection efforts and the business requirements described in this scenario?

Develop a minimum security baseline while restricting the type of data that can be accessed.

Implement a single computer configured with USB access and monitored by sensors.

Deploy a kiosk for synchronizing while using an access list of approved users.

Implement a wireless network configured for mobile device access and monitored by sensors.

Answer: A

(A minimum security baseline that restricts which data may be synchronized protects the data on whatever personal device the user chooses, which is the flexibility the business asked for. A monitored wireless network protects the corporate network, not the data on the device, and does nothing for synchronization away from the office.)

Question No: 13

A security analyst has created an image of a drive from an incident. Which of the following describes what the analyst should do NEXT?

The analyst should create a backup of the drive and then hash the drive.

The analyst should begin analyzing the image and begin to report findings.

The analyst should create a hash of the image and compare it to the original drive’s hash.

The analyst should create a chain of custody document and notify stakeholders.

Answer: C
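The verification step in the answer, as an added example that is not part of the original question set: the original drive is hashed before acquisition, the image is hashed afterwards, and the two sets of digests must agree before any analysis starts. The script below runs that check against a constructed in-memory "drive" (invented for illustration) with one faithful acquisition and one that differs by a single byte; in real use the streams would be open file handles on the evidence drive and the image file.

```python
import hashlib
import hmac
import io

CHUNK = 1 << 20  # read 1 MiB at a time so a multi-TB image never has to fit in RAM


def hash_stream(stream, algorithms=("md5", "sha256")) -> dict:
    """Hash a file-like object in one pass, feeding every chunk to each digest.
    Forensic practice records at least two algorithms for the same evidence."""
    digests = {name: hashlib.new(name) for name in algorithms}
    for chunk in iter(lambda: stream.read(CHUNK), b""):
        for d in digests.values():
            d.update(chunk)
    return {name: d.hexdigest() for name, d in digests.items()}


def hash_bytes(data: bytes, algorithms=("md5", "sha256")) -> dict:
    """Convenience wrapper for in-memory data (real use: open(path, 'rb'))."""
    return hash_stream(io.BytesIO(data), algorithms)


def verify_image(source_hashes: dict, image_stream) -> dict:
    """Compare hashes recorded from the original drive against hashes computed
    over the image. Returns one True/False per algorithm; any False means the
    image is not a faithful copy and must not be used for analysis."""
    image_hashes = hash_stream(image_stream, tuple(source_hashes))
    return {
        name: hmac.compare_digest(source_hashes[name], image_hashes[name])
        for name in source_hashes
    }


# Constructed evidence (not from the page): a fake 3 MiB "drive" and two
# acquisitions of it, one faithful and one with a single corrupted byte.
DRIVE = bytes(range(256)) * (3 * 1024 * 4)
GOOD_IMAGE = DRIVE
BAD_IMAGE = DRIVE[:1_000_000] + b"\xff" + DRIVE[1_000_001:]


def demo():
    source = hash_bytes(DRIVE)                        # recorded before imaging
    good = verify_image(source, io.BytesIO(GOOD_IMAGE))
    bad = verify_image(source, io.BytesIO(BAD_IMAGE))
    return source, good, bad


if __name__ == "__main__":
    src, good, bad = demo()
    print("source hashes:    ", src)
    print("faithful image ok:", good)
    print("tampered image ok:", bad)
```

Recording the source-drive digests in the chain-of-custody document is what later proves the image analysed is the evidence that was seized; the comparison itself is cheap, the single pass over the image is what takes the time.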

Question No: 14

An analyst was tasked with providing recommendations of technologies that are PKI X.509 compliant for a variety of secure functions. Which of the following technologies meet the compatibility requirement? (Select three.)

3DES

AES

IDEA

PKCS

PGP

SSL/TLS

TEMPEST

Answer: D,E,F

(3DES, AES and IDEA are symmetric ciphers and TEMPEST is an emanations-security standard; none of them involves certificates at all. PKCS, PGP and SSL/TLS are the options that work with X.509 certificates.)

Question No: 15

Which of the following best practices is used to identify areas in the network that may be vulnerable to penetration testing from known external sources?

Blue team training exercises

Technical control reviews

White team training exercises

Operational control reviews

Answer: A

Question No: 16

An incident response report indicates a virus was introduced through a remote host that was connected to corporate resources. A cybersecurity analyst has been asked for a recommendation to solve this issue. Which of the following should be applied?

MAC

TAP

NAC

ACL

Answer: C

Question No: 17

A reverse engineer was analyzing malware found on a retailer’s network and found code extracting track data in memory. Which of the following threats did the engineer MOST likely uncover?

POS malware

Rootkit

Key logger

Ransomware

Answer: A
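"Track data" means the ISO 7813 Track 1 and Track 2 records read from a card's magnetic stripe, which sit briefly in the memory of the POS process that handles a swipe. The scanner below is an added example, not code from the original page or from any malware: it applies the pattern match that both a RAM scraper and a detection rule hunting for one use, with a Luhn check on the PAN to discard random digit runs. The memory buffer is constructed for illustration and uses published test card numbers, not real cards.

```python
import re
from typing import List, Tuple

# Track 1 (ISO 7813): %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
# Track 2 (ISO 7813): ;<PAN>=<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([A-Z /.]{2,26})\^(\d{4})(\d{3})([0-9A-Z ]{0,50})\?")
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d{0,50})\?")


def luhn_ok(pan: bytes) -> bool:
    """Mod-10 check that every card PAN satisfies; filters random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48  # byte value of '0' is 48
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_memory(buf: bytes) -> List[Tuple[str, bytes, bytes]]:
    """Return (track, PAN, expiry) for every Luhn-valid track record in buf."""
    hits = []
    for m in TRACK1.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append(("track1", m.group(1), m.group(3)))
    for m in TRACK2.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append(("track2", m.group(1), m.group(2)))
    return hits


# Constructed process-memory dump (not from the page): junk, a Track 1 record,
# a Track 2 record, and a Track 2 look-alike whose PAN fails the Luhn check.
# PANs are the published Mastercard/Visa test numbers.
FAKE_MEMORY = (
    b"\x00" * 64
    + b"MSRv1.2 init ok\x00"
    + b"%B5500000000000004^DOE/JANE^28011010000000000?"
    + b"\x90" * 32
    + b";4111111111111111=2803101123456789?"
    + b"\x00garbage;4111111111111112=2803101?\x00"
)


if __name__ == "__main__":
    for track, pan, expiry in scan_memory(FAKE_MEMORY):
        masked = pan[:6] + b"*" * (len(pan) - 10) + pan[-4:]
        print(f"{track}: PAN {masked.decode()} exp {expiry.decode()}")
```

Seeing this kind of regex, or the equivalent byte-by-byte state machine, next to a loop over ReadProcessMemory results is the tell the reverse engineer in the question would have recognised. The same patterns are what a memory-forensics or DLP scan uses to find cardholder data that should not be resident in a process at all.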

Question No: 18

A security analyst is adding input to the incident response communication plan. A company officer has suggested that if a data breach occurs, only affected parties should be notified to keep an incident from becoming a media headline. Which of the following should the analyst recommend to the company officer?

The first responder should contact law enforcement upon confirmation of a security incident in order for a forensics team to preserve chain of custody.

Guidance from laws and regulations should be considered when deciding who must be notified in order to avoid fines and judgements from non-compliance.

An externally hosted website should be prepared in advance to ensure that, when an incident occurs, victims have timely access to notifications from a non-compromised resource.

The HR department should have information security personnel who are involved in the investigation of the incident sign non-disclosure agreements so the company cannot be held liable for customer data that might be viewed during an investigation.

Answer: B

(Breach-notification laws and regulations, not the wish to avoid publicity, determine who must be notified and by when; notifying only the affected parties when a regulator must also be informed exposes the company to fines and judgements for non-compliance.)

Question No: 19

An analyst finds that unpatched servers have undetected vulnerabilities because the vulnerability scanner does not have the latest set of signatures. Management directed the security team to have personnel update the scanners with the latest signatures at least 24 hours before conducting any scans, but the outcome is unchanged. Which of the following is the BEST logical control to address the failure?

Configure a script to automatically update the scanning tool.

Manually validate that the existing update is being performed.

Test vulnerability remediation in a sandbox before deploying.

Configure vulnerability scans to run in credentialed mode.

Answer: A

Question No: 20

An alert has been distributed throughout the information security community regarding a critical Apache vulnerability. Which of the following courses of action would ONLY identify the known vulnerability?

Perform an unauthenticated vulnerability scan on all servers in the environment.